Sorry if this question is dumb. I'm kinda new to PHP/mySql...
I'm trying to set up a submissions form with no login necessary. I have a database in the server with one user with privileged access to it. So whenever people submit the form they can insert into the database using the same username/password...
My config file is like this for all users...
<?php
return [
'database' => [
'name' => 'database',
'username' => 'myusername',
'password' => 'mypassword',
'connection' => 'host',
'options' => [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
]
]
];
Is this a standard/appropriate way to do it, or do I need to connect each user to the database through their own username/password?
Yes, this is common. Most web apps and web sites do something like this. WordPress, for example, uses a single username and password to access the database. It's fine.
WordPress keeps its secrets (passwords and some other things) in a file called /wp-config.php. A properly configured web server won't allow a site visitor to see that file directly. It should be set up to always run, and never display, php files when a user asks for those files in a URL. Instead, other parts of the web app include or require it in their code, to get the secrets. WordPress has a good description of this file in their docs.
If you want slightly tighter security though, I suggest creating four usernames/passwords for your database, and for backups. (Some people use a separate username for backups.)
user table and both read and write the loginlog, posts, and comments tables. This one is used for most routine web app operations.Then, the user names and passwords of your web app's users will be their own, and not a database access user/password.
This practice is quite common, and there will be nothing to worry about with this implementation. The username and password are for your DB, and not your userbase.
This is the configuration file which tells the PHP the information which is required to make the database connection.